001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.clientlogin;
023:
024: import java.security.Principal;
025: import java.rmi.RemoteException;
026: import javax.ejb.SessionContext;
027: import javax.ejb.SessionBean;
028: import javax.security.auth.login.LoginContext;
029: import javax.naming.InitialContext;
030:
031: import org.jboss.security.auth.callback.UsernamePasswordHandler;
032:
033: /**
034: An IClientLogin session bean that calls a BeanB with changes in the
035: caller indentity using ClientLogin module.
036:
037: @author Scott.Stark@jboss.org
038: @version $Revision: 57211 $
039: */
040: public class BeanA implements SessionBean {
041: private SessionContext context;
042:
043: public void ejbCreate() {
044: }
045:
046: public void ejbActivate() {
047: }
048:
049: public void ejbPassivate() {
050: }
051:
052: public void ejbRemove() {
053: }
054:
055: public void setSessionContext(SessionContext context) {
056: this .context = context;
057: }
058:
059: public Principal callBeanAsClientLoginUser() throws RemoteException {
060: Principal caller = context.getCallerPrincipal();
061: String inputName = caller.getName();
062: try {
063: UsernamePasswordHandler handler = new UsernamePasswordHandler(
064: "clientLoginA1", "A1");
065: LoginContext lc = new LoginContext("client-login", handler);
066: lc.login();
067: InitialContext ctx = new InitialContext();
068: IClientLoginHome home = (IClientLoginHome) ctx
069: .lookup("java:comp/env/TargetBean");
070: IClientLogin bean = home.create();
071: Principal callerB1 = bean.callBeanAsClientLoginUser();
072: if (callerB1.getName().equals("clientLoginA1") == false)
073: throw new RemoteException(
074: "callBeanAsClientLoginUser#1 != clientLoginA1");
075: lc.logout();
076:
077: handler = new UsernamePasswordHandler("clientLoginA2", "A2");
078: lc = new LoginContext("client-login", handler);
079: lc.login();
080: Principal callerB2 = bean.callBeanAsClientLoginUser();
081: if (callerB2.getName().equals("clientLoginA2") == false)
082: throw new RemoteException(
083: "callBeanAsClientLoginUser#2 != clientLoginA2");
084: lc.logout();
085:
086: // Make sure the caller principal is the same
087: String inputName2 = context.getCallerPrincipal().getName();
088: if (inputName.equals(inputName2) == false)
089: throw new RemoteException(
090: "CallerPrincipal changed after logout");
091: } catch (Exception e) {
092: if (e instanceof RemoteException)
093: throw (RemoteException) e;
094: throw new RemoteException("callBeanAsClientLoginUser", e);
095: }
096: return caller;
097: }
098:
099: public Principal callTarget() throws RemoteException {
100: return null;
101: }
102:
103: }
|